The Google Chrome Web browser has found itself at the center of a security issue that could lead to cross-site scripting attacks.

Google Chrome has been updated to 1.0.154.59 to fix securityvulnerability in the handling of ChromeHTML URIs (Uniform Resource Identifiers) that allows an attacker to bypass the Same Origin Policy for any site and enumerate victim's files and directories.

"If a user has Google Chrome installed, visiting an attacker-controlled Web page inMicrosoft Internet Explorer could have caused Google Chrome to launch, open multiple tabs and load scripts that run after navigating to a URL of the attacker's choice," the advisory stated.

The vulnerability was discovered by IBM security researcher Roi Saltzman, who noted in a blog post that the processing of URL protocol handlers has been an ongoing issue with Internet Explorer. A similar situation was uncovered in 2007 involving Internet Explorer and Firefox.

"These issues pose a major threat to any user that browses a maliciously crafted page using Internet Explorerand has Google Chrome installed alongside," Saltzman wrote. "It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles' heel and has been widely used previously to attack other various applications."